Transcript lecture06

IP Routing
• Routing - the process of choosing a path
over which to send packets
• Router - a computer that performs routing
• Routing is one of the Internet Protocol’s
primary functions
IP Routing
• Criteria that could (ideally) be used to make
routing decisions:
– Network characteristics
– Network topology
– Network load
– Datagram length
– Type of service requested in the datagram’s header
• IP routing software:
– Normally does not consider most of these factors
– Makes decisions based on fixed assumptions about
shortest paths
Review: Internet Architecture
[Figure: an internet of two networks, Net 1 and Net 2, joined by routers R1 through R5, with a Host attached]
Hosts vs. Routers
• Hosts make routing decisions
• Hosts don’t typically transfer packets from
one network to another
• Routers make routing decisions
• Routers typically transfer packets from one
network to another
Direct vs. Indirect Delivery
• Direct delivery - transmit datagram across a
single physical network to the destination
• Indirect delivery - transmit datagram across
multiple physical networks (with the aid of
routers) to the destination
• How does a machine know which method
of delivery to use?
Direct Delivery
• Map the destination IP address to a physical
address
• Encapsulate the datagram in a physical
frame
• Send the frame over the physical network to
the destination
Indirect Delivery
• Encapsulate the datagram in a frame
• Choose a router on the physical network
• Send the frame to that router
• Router forwards the datagram on towards
its final destination
– How does the host choose a router?
– How does the router forward the datagram?
The IP Routing Table
• Routing table - each machine stores
information about destination networks and
how to reach them
• Using only the netid portion of the IP address
keeps routing tables:
– Small
– Relatively stable
Next-Hop Routing
• Routing table at machine M contains pairs
(N,R)
– N is the IP address of a destination network
– R is the IP address of the “next” router (R and
M must share a physical network)
• Routing table size:
– Depends on the number of networks in the internet
– Only grows when new networks are added
Properties of Next-Hop Routes
• All traffic destined for a given network
takes the same path
• Only the final router can determine whether
a host exists or is operational
• Routes are not necessarily symmetric
Default Routes
• No route in the routing table = datagrams
sent to the default router
• Both simplifies routing tables and reduces
their size:
Without a default route:
  To reach network    Route to this address
  20.0.0.0            40.0.0.5
  30.0.0.0            40.0.0.5
  10.0.0.0            40.0.0.5
  50.0.0.0            60.0.0.7

With a default route:
  To reach network    Route to this address
  50.0.0.0            60.0.0.7
  default             40.0.0.5
Host-Specific Routes
• Routing tables are allowed to include per-host
routes as a special case (the host-specific entry
for 30.0.0.8 is matched before the entry for its
network 30.0.0.0):
  Destination         Route to this address
  50.0.0.0            60.0.0.2
  30.0.0.8 (host)     20.0.0.5
  30.0.0.0            20.0.0.4
  default             40.0.0.7
The IP Routing Algorithm
Extract the destination IP address, D, from the datagram and
compute the netid, N
  If N matches any directly connected network address, deliver
  the datagram directly
  else if the routing table contains a host-specific route for D,
  send the datagram to the next hop specified in the table
  else if the routing table contains a route for network N, send
  the datagram to the next hop specified in the table
  else if the routing table contains a default router, send the
  datagram there
  else declare a routing error
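The algorithm above, carried out on the host-specific routing table from the previous slide. This is an added example, not code from the lecture: the machine M is assumed to be directly attached to networks 20.0.0.0, 40.0.0.0 and 60.0.0.0 (the networks its next-hop routers sit on), netids are computed with the classful rules the lecture's class A examples imply, and the constructor enforces the slide's constraint that every next-hop router R must share a physical network with M.

```python
"""Worked example of the lecture's IP routing algorithm (classful addressing).

Added example, not part of the lecture. The table is the one from the
host-specific routes slide; M's directly connected networks are assumed.
"""
import ipaddress


def classful_netid(addr: str) -> str:
    """Compute netid N for destination D under classful rules:
    class A -> /8, class B -> /16, class C -> /24 (the lecture's
    examples are all class A networks such as 20.0.0.0)."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{addr}: not a class A, B or C unicast address")
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


class RoutingError(Exception):
    """Raised when none of the five rules matches the destination."""


class Machine:
    """Routing table of one host or router: (N, R) pairs plus the
    host-specific and default entries the lecture allows."""

    def __init__(self, direct_nets, host_routes=None, net_routes=None, default=None):
        self.direct_nets = set(direct_nets)
        self.host_routes = dict(host_routes or {})   # D -> next-hop router R
        self.net_routes = dict(net_routes or {})     # N -> next-hop router R
        self.default = default
        # R and M must share a physical network, otherwise M could never
        # hand R the frame. Reject tables that violate this.
        hops = list(self.host_routes.values()) + list(self.net_routes.values())
        if default is not None:
            hops.append(default)
        for hop in hops:
            if classful_netid(hop) not in self.direct_nets:
                raise ValueError(f"next hop {hop} is not on a directly connected network")

    def route(self, dest: str):
        """Apply the rules in order; returns (rule, address the frame goes to)."""
        netid = classful_netid(dest)
        if netid in self.direct_nets:                 # direct delivery
            return ("direct", dest)
        if dest in self.host_routes:                  # host-specific route for D
            return ("host", self.host_routes[dest])
        if netid in self.net_routes:                  # route for network N
            return ("net", self.net_routes[netid])
        if self.default is not None:                  # default router
            return ("default", self.default)
        raise RoutingError(f"no route to {dest} (network {netid})")


def example_machine() -> Machine:
    """Machine M holding the table from the host-specific routes slide."""
    return Machine(
        direct_nets={"20.0.0.0", "40.0.0.0", "60.0.0.0"},   # assumed
        host_routes={"30.0.0.8": "20.0.0.5"},
        net_routes={"50.0.0.0": "60.0.0.2", "30.0.0.0": "20.0.0.4"},
        default="40.0.0.7",
    )


if __name__ == "__main__":
    m = example_machine()
    for d in ("40.0.0.1", "30.0.0.8", "30.0.0.9", "50.1.2.3", "10.1.1.1"):
        print(d, "->", m.route(d))
```

Note that 30.0.0.8 and 30.0.0.9 leave M through different routers even though they share a netid: the host-specific rule is checked before the network rule, which is exactly why it is listed second in the algorithm.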
Why not Use Physical Addresses?
• Routing tables store the IP address of the next hop
• IP addresses must be translated into physical
addresses
IP Routing - Summary
• Routing is one of the Internet Protocol’s primary
functions
• Routing is the process of choosing a path over
which to send packets
• Questions not answered:
– How does a host or router initialize its routing table?
– How are routing tables updated as the network
changes?
Error and Control Messages in
the Internet Protocol
• Extranormal communication among routers
and hosts is sometimes necessary to:
– Report errors
– Handle abnormal conditions
– Update routing information
• The Internet Protocol defines a single
mechanism for these types of messages
The Internet Control
Message Protocol (ICMP)
• Normally generated by and intended for the
IP software
• Two levels of encapsulation: the ICMP message
travels in the data area of an IP datagram, which
in turn travels in the data area of a physical frame
ICMP is for Error Reporting
• Errors are reported to a datagram’s original
sender
• It is the sender’s responsibility to take
appropriate action
• Exception: ICMP error messages are not
generated for errors that result from
datagrams carrying ICMP error messages
(otherwise one error could set off an endless
chain of error reports)
ICMP Message Format
• All ICMP messages begin with the same
three fields:
– TYPE (1 octet) - identifies the message
– CODE (1 octet) - information about the subtype
– CHECKSUM (2 octets) - covers the ICMP message
• ICMP error messages always include the
header and first 64 data bits of the datagram
causing the problem
The ICMP TYPE Field
  Type Field   ICMP Message Type
  ----------   -------------------------
  0            Echo Reply
  3            Destination Unreachable
  4            Source Quench
  5            Redirect
  8            Echo Request
  11           Time Exceeded for Datagram
  12           Parameter Problem on Datagram
  13           Timestamp Request
  14           Timestamp Reply
  15           Information Request (obsolete)
  16           Information Reply (obsolete)
  17           Address Mask Request
  18           Address Mask Reply
Echo Request and Reply
Messages
• IDENTIFIER and SEQUENCE NUMBER
– Used by the sender to match replies with
requests
Destination Unreachable
Messages
• Sent when a router cannot deliver or
forward a datagram
Destination Unreachable
CODE Field
  Code Value   Meaning
  ----------   ----------
  0            Network Unreachable
  1            Host Unreachable
  2            Protocol Unreachable
  3            Port Unreachable
  4            Fragmentation needed and DF set
  5            Source Route Failed
  6            Destination Network unknown
  7            Destination Host Unknown
  8            Source Host Isolated
  9            Comm. Administratively prohibited (network)
  10           Comm. Administratively prohibited (host)
  11           Network unreachable for type of service
  12           Host unreachable for type of service
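The message format, the TYPE table, the echo IDENTIFIER/SEQUENCE NUMBER fields and the Destination Unreachable CODE table above, exercised in code. This is an added example, not from the lecture: it builds an echo request and a Port Unreachable error, computes and verifies the CHECKSUM, and shows that the error message quotes the offending datagram's IP header plus its first 64 data bits. The IPv4/UDP datagram it quotes is constructed for the example; the type and code names are copied from the lecture's tables.

```python
"""Build and parse ICMP messages as described in the lecture.

Added example, not part of the lecture. The sample datagram is constructed.
"""
import struct

ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 11: "Time Exceeded for Datagram",
    12: "Parameter Problem on Datagram", 13: "Timestamp Request",
    14: "Timestamp Reply", 15: "Information Request (obsolete)",
    16: "Information Reply (obsolete)", 17: "Address Mask Request",
    18: "Address Mask Reply",
}
UNREACHABLE_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation needed and DF set",
    5: "Source Route Failed", 6: "Destination Network unknown",
    7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Comm. Administratively prohibited (network)",
    10: "Comm. Administratively prohibited (host)",
    11: "Network unreachable for type of service",
    12: "Host unreachable for type of service",
}
ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST = 0, 3, 8


def icmp_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum over the whole
    ICMP message (an odd length is padded with a zero octet). Computed over
    a message whose CHECKSUM field is already filled in, it is 0 if intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest_of_header: bytes, body: bytes) -> bytes:
    """TYPE, CODE, CHECKSUM, then the 4 type-specific header octets and body."""
    assert len(rest_of_header) == 4
    unchecked = struct.pack("!BBH", msg_type, code, 0) + rest_of_header + body
    checksum = icmp_checksum(unchecked)
    return struct.pack("!BBH", msg_type, code, checksum) + rest_of_header + body


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    return build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", identifier, sequence), payload)


def build_dest_unreachable(code: int, offending_datagram: bytes) -> bytes:
    """Quote the offending datagram's IP header and its first 64 data bits."""
    header_len = (offending_datagram[0] & 0x0F) * 4     # IHL counts 32-bit words
    quoted = offending_datagram[:header_len + 8]
    return build_icmp(DEST_UNREACHABLE, code, b"\x00" * 4, quoted)  # unused field = 0


def parse_icmp(message: bytes) -> dict:
    """Verify the checksum and decode the fields the lecture describes."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8 octets")
    if icmp_checksum(message) != 0:
        raise ValueError("ICMP checksum mismatch")
    msg_type, code, _ = struct.unpack("!BBH", message[:4])
    info = {"type": msg_type, "type_name": ICMP_TYPES.get(msg_type, "unknown"), "code": code}
    if msg_type in (ECHO_REQUEST, ECHO_REPLY):
        info["identifier"], info["sequence"] = struct.unpack("!HH", message[4:8])
        info["payload"] = message[8:]
    elif msg_type == DEST_UNREACHABLE:
        info["code_name"] = UNREACHABLE_CODES.get(code, "unknown")
        quoted = message[8:]
        if len(quoted) < 20:
            raise ValueError("error message does not quote a full IP header")
        ihl = (quoted[0] & 0x0F) * 4
        info["quoted_ip_header"], info["quoted_data"] = quoted[:ihl], quoted[ihl:]
    return info


def sample_udp_datagram() -> bytes:
    """Constructed IPv4/UDP datagram 10.0.0.1 -> 20.0.0.2 port 53 that a host
    with nothing listening on port 53 would answer with Port Unreachable."""
    payload = b"example query bytes"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0,
                            64, 17, 0, bytes([10, 0, 0, 1]), bytes([20, 0, 0, 2]))
    return ip_header + udp


if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"abc")))
    print(parse_icmp(build_dest_unreachable(3, sample_udp_datagram())))
```

The quoted header plus 64 data bits is exactly enough for the original sender to recover the transport header (ports, for UDP and TCP) and so match the error to the socket that caused it; a receiver should treat an error message that quotes less than a full IP header as malformed rather than trust its fields.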
Congestion and Datagram
Flow Control
• Most routers have a limited queue in which
to store arriving datagrams
• Congestion - a router is overrun with traffic
– High-speed computer sends datagrams faster
than a router can retransmit them
– Many computers send datagrams to the same
router at once
Source Quench Message
• Congested routers send one for every
datagram they drop
Source Quench Messages
• Hosts that receive source quench messages
should stop sending datagrams to that router
(temporarily)
• When it hasn’t received a source quench
message in a while, the host can start
gradually increasing its traffic again
• Caveat: source quench never worked well as a
congestion signal and has been formally
deprecated (RFC 6633); routers must not send
it and hosts ignore it, so congestion control is
left to the transport layer
Redirect Messages
• Hosts initialize their routing table at startup
• When a router detects a host using a
nonoptimal route it sends the host an ICMP
redirect message
[Figure: host H and routers R1, R2 interconnecting Net 1, Net 2 and Net 3; a redirect tells H which of the two routers to use for a destination]
Redirect Messages
  Code Value   Meaning
  ----------   ----------
  0            Redirect datagrams for the Net (obsolete)
  1            Redirect datagrams for the Host
  2            Redirect datagrams for the Type of Service and Net
  3            Redirect datagrams for the Type of Service and Host
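Because a redirect rewrites a host's routing table, a host should check it before acting on it: a forged redirect from another machine on the LAN is otherwise a cheap way to become a man in the middle. The checks below are the ones RFC 1122 (section 3.2.2.2) asks of hosts: the redirect must come from the router the host currently uses for that destination, the new router must be on a directly connected network, and only host redirects (codes 1 and 3) are honoured. This is an added example, not code from the lecture; the addresses are assumed (Net 1 from the figure as 10.0.0.0/8, host H as 10.0.0.7, R1 = 10.0.0.1 as H's default router, R2 = 10.0.0.2, and 30.0.0.5 as a destination on Net 3).

```python
"""Validating an ICMP redirect before it changes the routing table.

Added example, not part of the lecture; all addresses are assumed.
"""
import ipaddress

REDIRECT_NET, REDIRECT_HOST, REDIRECT_TOS_NET, REDIRECT_TOS_HOST = 0, 1, 2, 3


class HostRoutes:
    """A host's table: directly connected nets, one default router, and the
    host-specific routes that accepted redirects install."""

    def __init__(self, direct_nets, default_router, host_routes=None):
        self.direct_nets = [ipaddress.ip_network(n) for n in direct_nets]
        self.default_router = ipaddress.ip_address(default_router)
        self.host_routes = {ipaddress.ip_address(d): ipaddress.ip_address(r)
                            for d, r in (host_routes or {}).items()}

    def on_link(self, addr) -> bool:
        return any(addr in net for net in self.direct_nets)

    def first_hop(self, dest):
        """Where the host currently sends frames for dest."""
        dest = ipaddress.ip_address(dest)
        if self.on_link(dest):
            return dest                                   # direct delivery
        return self.host_routes.get(dest, self.default_router)

    def handle_redirect(self, sender, code, new_router, dest) -> str:
        """Apply the redirect only if it passes the RFC 1122 host checks.
        Returns a verdict string so callers (and tests) can see why."""
        sender, new_router, dest = map(ipaddress.ip_address, (sender, new_router, dest))
        if code not in (REDIRECT_HOST, REDIRECT_TOS_HOST):
            return "ignored: only host redirects are honoured"
        if self.on_link(dest):
            return "ignored: destination is on a directly connected network"
        if sender != self.first_hop(dest):
            return "ignored: sender is not the router currently used for this destination"
        if not self.on_link(new_router):
            return "ignored: new router is not on a directly connected network"
        self.host_routes[dest] = new_router               # install a host-specific route
        return "accepted"


def example_host() -> HostRoutes:
    """Host H on Net 1 (assumed 10.0.0.0/8) using R1 = 10.0.0.1 by default."""
    return HostRoutes(direct_nets=["10.0.0.0/8"], default_router="10.0.0.1")


if __name__ == "__main__":
    h = example_host()
    print(h.handle_redirect("10.0.0.1", REDIRECT_HOST, "10.0.0.2", "30.0.0.5"))
    print(h.first_hop("30.0.0.5"))
```

These checks defeat sloppy forgeries but not an attacker on Net 1 who spoofs R1's source address, since nothing in ICMP authenticates the sender; that is why many deployments disable redirect acceptance outright (on Linux, `net.ipv4.conf.all.accept_redirects = 0`), which is one instance of the "ICMP blocked for security reasons" remark in the summary.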
Time Exceeded Messages
• Code 0 - Datagram dropped because TTL reached
0
• Code 1 - Datagram dropped because fragment
reassembly time exceeded
ICMP – Security Issues
• ICMP can be a source of security vulnerabilities:
– Flaws in ICMP implementation can be exploited
• Recall the teardrop vulnerability in IP
– ICMP is well suited for denial-of-service attacks
• Anyone notice the -f (flood) option to ping?
• According to the man page:
“This can be very hard on a network and should be used with
caution.”
Ping of Death
• Attacker constructs an ICMP echo request message containing 65,510 data
octets and sends it to a victim host:
Ping of Death (cont)
• The total size of the resulting datagram (20-octet IP header +
8-octet ICMP header + 65,510 data octets = 65,538 octets) is larger
than the 65,535-octet maximum that IP’s 16-bit total length field
allows; it can only reach the victim as a series of fragments whose
last piece extends past that limit
• Several systems did not handle this oversized IP datagram
properly
– Hang
– Crash
– Reboot
• Fixed by software patches
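The bounds check that separates a crashing reassembler from a correct one, as an added example (not from the lecture). It fragments the 65,510-octet echo request from the slide for an Ethernet-sized MTU, then reassembles into a buffer sized for the largest legal datagram and refuses any fragment whose end would lie beyond it. The fragment sets are constructed; a real stack works on full IP headers, but the offset and length arithmetic is the same.

```python
"""Fragment bounds checking that catches the Ping of Death.

Added example, not part of the lecture; the fragment sets are constructed.
"""

IP_MAX_LEN = 65535                       # limit of the 16-bit total length field
IP_HDR_LEN = 20                          # IPv4 header without options
FRAG_OFFSET_MAX = 0x1FFF                 # 13-bit fragment offset, 8-octet units
MAX_PAYLOAD = IP_MAX_LEN - IP_HDR_LEN    # 65515 data octets can follow the header


class ReassemblyError(Exception):
    pass


def fragment_payload(payload: bytes, mtu: int):
    """Split an IP payload as a sender does: every non-final fragment carries
    a multiple of 8 octets. Returns (offset_units, data, more_fragments)."""
    chunk = ((mtu - IP_HDR_LEN) // 8) * 8
    return [(start // 8, payload[start:start + chunk], start + chunk < len(payload))
            for start in range(0, len(payload), chunk)]


def reassemble(frags) -> bytes:
    """Reassemble into a buffer for the largest legal datagram, rejecting any
    fragment that ends beyond it (the check the affected systems lacked)."""
    buf = bytearray(MAX_PAYLOAD)
    total = None
    received = 0
    for offset_units, data, more in frags:
        if offset_units > FRAG_OFFSET_MAX:
            raise ReassemblyError("fragment offset does not fit in 13 bits")
        start, end = offset_units * 8, offset_units * 8 + len(data)
        if end > MAX_PAYLOAD:
            raise ReassemblyError(f"fragment ends at payload octet {end}, "
                                  f"beyond the {MAX_PAYLOAD} a datagram may carry")
        if more and len(data) % 8:
            raise ReassemblyError("non-final fragment length is not a multiple of 8")
        buf[start:end] = data
        received += len(data)
        if not more:
            total = end
    if total is None or received != total:   # assumes no overlapping fragments
        raise ReassemblyError("datagram incomplete")
    return bytes(buf[:total])


def safe_reassemble(frags):
    """(payload, None) on success, (None, reason) when the fragments are rejected."""
    try:
        return reassemble(frags), None
    except ReassemblyError as err:
        return None, str(err)


def ping_of_death_fragments(mtu: int = 1500):
    """The slide's echo request (8-octet ICMP header + 65,510 data octets),
    fragmented for an Ethernet MTU. Checksum left zero; only sizes matter."""
    icmp = bytes([8, 0, 0, 0, 0, 0, 0, 0]) + bytes(65510)
    assert IP_HDR_LEN + len(icmp) == 65538
    return fragment_payload(icmp, mtu)


if __name__ == "__main__":
    print(safe_reassemble(ping_of_death_fragments()))
```

Every individual fragment is legal on the wire (the last one sits at offset 8140, within the 13-bit field), so a filter looking at single packets sees nothing wrong; only the reassembler can notice that offset times 8 plus length exceeds the buffer. A stack that allocated 65,535 octets and copied without this check wrote three octets past its buffer.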
Smurf
• Attacker sends ICMP echo request messages to a broadcast address at
an intermediate site
– Broadcast address = a copy of the datagram is delivered to every host
connected to a specified network
– For some broadcast addresses, a single request could generate replies from
dozens or hundreds of hosts
• The source address in each request packet is spoofed so that replies are
sent to a victim machine
• Result: the victim’s machine/network is flooded by ICMP echo replies
• Many sites have reconfigured their machines so that their machines do
not respond to ICMP echo requests sent to a broadcast address
ICMP - Summary
• ICMP provides a mechanism for extranormal
communication among routers and hosts
– Echo request/reply
– Destination unreachable
– Source quench
– Redirect
– Time exceeded
• Sometimes incoming ICMP messages are blocked
for security reasons